In 2021, we have seen cybercriminals use ransomware attacks to devastating effect – Recent attacks on Kaseya and the Colonial Pipeline have clearly demonstrated just how vulnerable our critical infrastructure really is.
To make matters worse, we have also seen ransomware evolve to include additional capabilities. In addition to encrypting and preventing access to data, it is now common to see ransomware strains that are capable of exfiltrating and reusing sensitive information to be used for additional exploits. Naturally, ransomware has become a top priority for governments around the world, creating a need for tighter controls and proactive security measures that can help keep our data protected.
Here is a quick guide to ransomware and the proactive measures you can use to protect yourself from it:
What is Ransomware?
Ransomware is a type of malware that targets and encrypts key system files in order to prevent a user from gaining access. Once access is prevented, the ransomware will typically demand a ransom in cryptocurrency in exchange for access. Some strains will even exfiltrate data to an external command & control (C2) server threatening to leak sensitive information unless the ransom is paid.
The most common way that ransomware gains access to a target network is through a social engineering or phishing attack. Here, attackers will pose as an authority figure or trusted friend in an attempt to trick you into downloading a malicious attachment. Once opened, the attacker has now gained access and is able to take a variety of actions needed to escalate their privileges within your system.
Protecting Yourself from Ransomware
Role-based end-user education
When we think of cyberattacks, we tend to think of shadowy figures using cutting-edge tools to break into secure networks. In reality, though, most ransomware attacks start as simple phishing emails designed to trick a user into downloading a malicious attachment or opening a fake webpage. With this in mind, end-users are often the first line of defense against a ransomware attack, and education and proper security awareness training are critical.
Periodic training on the types of threats they will encounter and the actions that they should take is highly recommended.
Double-check your configurations!
Even the most secure web platforms can be left wide open if privacy and permissions settings are not properly configured during setup. Make sure to double-check privacy and configuration settings to ensure that they are configured properly.
Use Multi-Factor Authentication (MFA) wherever possible
Passwords are often unreliable and easy to steal – Just look online and you can find entire directories of breached records sitting around, making it clear that password-only protection is no longer adequate for enterprise security. Deploying an MFA system across every possible login system will help ensure that stolen passwords and credentials are not readily usable to attackers.
Maintain an aggressive patch management policy
Recently, we have seen a rise in attackers using zero-day vulnerabilities to gain a foothold within a target network. These threats are particularly difficult to monitor because there are new ones that emerge constantly – sometimes daily. As such, it is necessary to employ an aggressive patch management strategy, particularly with browser-based solutions involving Adobe Flash or Java.
If possible, aim to have patches applied automatically and in a timely manner.
Industry Leading Ransomware Protection with Stratejm
For many organizations, maintaining an effective and up-to-date security system can be a difficult and resource-intensive task. Partnering with a leading managed security services provider like Stratejm is the best way to provide effective, enterprise-grade security for your organization. Our eMDR solution provides automated, 24/7/365 real-time threat detection & response that is backed by our fully certified Type II Cyber Intelligence Centre.